acut3

Infosec, bug bounty, CTF

Recent

Fetch Diversion
·2251 words·11 mins
articles bug bounty fetch diversion xss

API calls and requests for resources can sometimes be diverted toward a different endpoint on the same host, potentially resulting in DOM XSS vulnerabilities that would otherwise be impossible to trigger, or in other types of client-side vulnerabilities.

Intigriti December XSS Challenge
·1353 words·7 mins
write-ups ctf xss

Using hashchange events to control a vulnerable page and escalate an otherwise mostly harmless DOM XSS.

BugPoC Wacky XSS Challenge
·1883 words·9 mins
write-ups ctf xss dom clobbering

Bypassing CSP and SRI with HTML injection and DOM Clobbering.